{"containers": {"cna": {"affected": [{"product": "ASP.NET Core", "vendor": "Microsoft Corporation", "versions": [{"status": "affected", "version": "ASP.NET Core"}]}], "datePublic": "2017-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-05-25T18:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/aspnet/Announcements/issues/239"}, {"tags": ["x_refsource_MISC"], "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2017-0247", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ASP.NET Core", "version": {"version_data": [{"version_value": "ASP.NET Core"}]}}]}, "vendor_name": "Microsoft Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://technet.microsoft.com/en-us/library/security/4021279.aspx", "refsource": "CONFIRM", "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"}, {"name": "https://github.com/aspnet/Announcements/issues/239", "refsource": "MISC", "url": "https://github.com/aspnet/Announcements/issues/239"}, {"name": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS", "refsource": "MISC", "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:55:19.171Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/aspnet/Announcements/issues/239"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2017-0247", "datePublished": "2017-05-12T14:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-05T12:55:19.171Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72D49ACA-0755-425C-9162-8D40D7AADDC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAB52597-3458-4816-8432-7948CA21B8C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "86207D1B-AE1B-4826-B07A-75815A5ED06B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E96E6585-EA7C-47A7-B6EF-9926758E90DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "292C4DAD-1CBB-41DF-9E45-F8D594C03097", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "BC76DD26-1A09-419D-9156-16042FF7D508", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "2A701C76-6AC7-4230-B0C5-9CD91010349C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "6E801676-656E-43F6-8C4E-EE0BD5EAF23E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "DE818227-C9F3-49BA-80D1-FA49FA46B8BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "B7E8D173-9F85-4796-8A97-A77A531A3C79", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "893BD886-23DC-41E9-9DD1-C367F1638CFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "2F9CCC49-348F-44A3-8412-17B689B0B0B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "40ACE580-63FC-44A6-A1A3-19113BCF96B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "3A31726B-E001-4568-9538-150C438D4D82", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "22473819-A864-4568-BB4F-B1B61D6BE768", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "25F6E532-9282-4444-BE83-1D4254B78E98", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "3D3B725F-E01E-4B44-B6FE-D384CB081880", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "CD9CA7E6-4622-48CE-87DD-43850E6A3D94", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "9F0BE208-E908-4D55-ABC0-01899A7BCF3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "BEB9143D-39A5-4A1A-8CF6-50A234476914", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "784D8767-E542-4BEA-AC04-190EB86ACE44", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "B051C0F9-2D90-4F21-A4A3-49E52E4580F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "24849B2C-4475-4F63-99F8-D63AC7455AFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "E53251EE-7C63-4597-817D-E0E046D45E7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "C4B607A3-3637-4785-A7FA-074B370B57A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "10769FE6-90C1-41EF-B59C-2DF602798AA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "9F2FF0F8-0447-442F-99C7-AAE364942263", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "82A352B2-00B5-40EB-A053-3871999FF549", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "1CBD8554-F155-4265-9ABA-27F2CFDB6645", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "1D0612F5-8621-4FEB-B84D-6116CD92C671", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "D917236C-B53D-454C-9FCD-4D0F48849C8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "32B849F2-CD4B-45DB-86DD-77248ED82C56", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "5A08EDE3-035D-4A4F-AF2A-FDFC02264841", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "28A15818-8AB8-4253-9D82-D968B05D4416", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "C59BDECB-3184-4BE3-91B5-4703170D6E72", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "F861A072-D917-4BF5-99D3-3C9AD99A70EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "79F08C0E-5A28-4A8D-9987-CC273A38CDB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "F8A9187E-AAF3-4186-9014-13D304463F44", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "19022A88-C140-4C64-8BAD-43CE0E448D78", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "36170C72-162C-44F1-8291-DCF12AAC3D06", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "97E0DE96-A8CA-4395-8955-3223754A7678", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "95D892B0-08CD-479B-8DBA-2E296A2139EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "16E5978D-49B7-4948-A57F-D0903CC2726B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "175E800A-6295-4EDD-AD76-AED50C4ED29F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "DD429092-758C-40E2-9B62-552062DE5C99", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "4B124905-C4EB-4943-BF9D-97DD9C63C773", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "F1382D94-3442-4770-99BC-A803DB7D99CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "72682900-3DEA-43E8-9E60-04D8AA575353", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "2614708B-D88A-45D1-989A-EC1F18B2ECF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "48101840-E58F-4E2D-BA2D-8D07F76E1EB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "56285B40-74FB-4AE4-9998-09D3CC2FA76B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "4322AC03-A133-4778-A2F1-AD509764BB00", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "E4779EAE-28C3-454F-853C-45D7A4B264BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "34EB1A01-873A-4395-84D9-B048E2E12A43", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "389FB05C-C41F-4162-B868-472A6FEE18BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "944C87F4-591A-46A3-A6BE-68CF070D2557", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "6A5CA6EF-184A-4D35-A430-8D708041C139", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "7264CABF-8603-445F-8728-A53575239BC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "776B722D-0DA6-4994-9323-06165E562489", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "77A16675-CD3A-427B-888E-B1D8A51189AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "B28A24AD-C225-45B3-8156-5A8107A7073C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "22B75008-7F05-4923-88D9-0D6619568C8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "C4A5D3CC-282D-484F-99E3-5D087F759C4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "8799CB21-5F98-4368-A1BC-2746438757CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "B4315F2E-5272-4D09-80AF-A65AE52E37CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "9CCD4355-CE24-4F14-A348-BB76470E4DC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "79D7994A-ABDF-4F02-841D-B082917CA9F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "7B33EFE6-68BB-46FD-834D-B767641E1AC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "71FFFD6C-1243-480F-874E-3548EED2D471", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "76906A3F-9A22-453F-BCCF-35C248E6788C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "E7A176BB-A188-44A9-9E52-D385B13D328F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "DF881FCD-8E4C-47AC-ABED-05F805D3DED8", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "06C3E2C7-C113-4224-8F4F-3BDD3B800B04", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "F376D1B3-5801-4BC3-B060-39DC928A9838", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "0ACC7FBF-34A3-4A95-A7B0-396AB194976A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "AA8408AC-5380-4C77-BA49-C236F0CBB51F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio cuando el Core de ASP.NET no puede comprobar apropiadamente las peticiones web. NOTA: Microsoft no ha comentado en reclamos de terceros de que el problema es que la funci\u00f3n TextEncoder.EncodeCore en el paquete System.Text.Encodings.Web en ASP.NET Core Mvc versiones anteriores a 1.0.4 y versiones 1.1.x anteriores a 1.1.3 permite a los atacantes remotos causar una denegaci\u00f3n de servicio aprovechando un fallo en calcular apropiadamente la longitud de los caracteres de 4 bytes en el rango sin car\u00e1cter Unicode."}], "id": "CVE-2017-0247", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-12T14:29:03.910", "references": [{"source": "secure@microsoft.com", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://github.com/aspnet/Announcements/issues/239"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"}, {"source": "secure@microsoft.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://github.com/aspnet/Announcements/issues/239"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}